Executive Summary

A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022.…

Summary: The UserPro plugin for WordPress has a significant security vulnerability that allows unauthenticated users to change the passwords of other users under certain conditions.

Threat Actor: Unauthenticated users | Unauthenticated users Victim: Users of the UserPro plugin | UserPro plugin

Key Point:

The UserPro plugin for WordPress, used by over 20,000 sites, has a critical security vulnerability in its password reset mechanism.…

Written by: Michael Raggi

Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers.…

Summary: A malicious crypto mining campaign called ‘REF4578’ has been discovered, deploying a payload named GhostEngine that uses vulnerable drivers to disable security products and deploy a cryptocurrency miner.

Threat Actor: Unknown | Unknown Victim: Unknown | Unknown

Key Point:

The crypto mining campaign, codenamed ‘REF4578,’ uses a payload named GhostEngine to exploit vulnerable drivers and disable security products.…

Threat Actor: Unknown | Unknown Victim: Git (Version Control System) | Git Price: Not specified Exfiltrated Data Type: Not specified

Additional Information:

The GIT CVE-2024-32002 RCE vulnerability allows for remote code execution through a recursive clone of a Git repository and Git submodules. The vulnerability takes advantage of the way Git handles submodules on case-insensitive filesystems that support symbolic links.…

Summary: An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities, with eleven remaining unfixed.

Threat Actor: WatchTowr Labs | WatchTowr Labs Victim: QNAP | QNAP

Key Point:

An extensive security audit of QNAP QTS has uncovered fifteen vulnerabilities, including an unpatched stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi’…

This report was originally published for our customers on 14 May 2024.

Executive summary

The DoppelGänger campaign is an ongoing influence campaign, starting from May 2022 and attributed to the Structura National Technologies (Structura) and the Social Design Agency (SDA), which are two Russian entities. The primary goal of DoppelGänger is to diminish support for Ukraine in the wake of Russian aggression and to foster divisions within nations backing Ukraine.…

Summary: The frequency of ransomware claims has increased significantly in 2023, with a particular rise in indirect ransomware incidents and double leverage attacks.

Threat Actor: Ransomware | Ransomware Victim: Various organizations | Various organizations

Key Point:

The frequency of ransomware claims has increased by 64% year-over-year in 2023, driven by a surge in indirect ransomware incidents.…

Summary: This content discusses the technical details of a pre-authenticated remote code execution vulnerability (CVE-2023-43208) affecting NextGen Mirth Connect, an open-source data integration platform widely used by healthcare companies.

Threat Actor: IHTeam | IHTeam Victim: Healthcare organizations | healthcare organizations

Key Point:

The vulnerability (CVE-2023-43208) is related to insecure usage of the Java XStream library for unmarshalling XML payloads in Mirth Connect.…

Summary: The content discusses the dangers posed by AI models harboring backdoors, specifically focusing on the vulnerability in the llama_cpp_python package that allows attackers to execute arbitrary code and compromise data and operations.

Threat Actor: Unknown | Unknown Victim: AI models on trusted platforms like Hugging Face | Hugging Face

Key Point:

The vulnerability in the llama_cpp_python package potentially allows attackers to execute arbitrary code and compromise data and operations.…

Summary: Intel has disclosed a maximum severity vulnerability in its Intel Neural Compressor software for AI model compression, which allows an unauthenticated attacker to execute arbitrary code on affected systems.

Threat Actor: Unauthenticated attacker | unauthenticated attacker Victim: Intel | Intel

Key Point:

The vulnerability, designated as CVE-2024-22476, is the most serious among the 41 security advisories disclosed by Intel.…

Summary: This content discusses the departure of Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), and highlights his contributions to the agency’s data-driven risk reduction efforts.

Threat Actor: N/A

Victim: N/A

Key Point:

Eric Goldstein is leaving CISA after serving as the executive assistant director for cybersecurity since February 2021.…

Summary: The cryptojacking group known as Kinsing has been actively orchestrating illicit cryptocurrency mining campaigns since 2019, continuously evolving and adapting by integrating newly disclosed vulnerabilities to expand its botnet.

Threat Actor: Kinsing | Kinsing Victim: Various victims | Kinsing victim

Key Point:

Kinsing, also known as H2Miner, is a cryptojacking group that has consistently expanded its toolkit with new exploits to enroll infected systems in a crypto-mining botnet.…

Summary: The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

Threat Actor: N/A Victim: N/A

Key Point:

The Norwegian NCSC advises organizations to transition from SSLVPN/WebVPN solutions to IPsec with IKEv2 by 2025.…

Threat Actor: Hacker | hacker Victim: Organizations using SonicWALL SSL-VPN systems | SonicWALL SSL-VPN Price: $1000 Exfiltrated Data Type: User cookies, login credentials, passwords, domain information, details related to Active Directory Rules

Additional Information:

The exploit allows unauthorized access to sensitive information in SonicWALL SSL-VPN systems.…